Judge rules cops' hacker went too far

A federal judge rules that law enforcement officials went too far when they tried to use evidence gathered by a known hacker to convict someone of possessing child pornography.

15 November 200212:48 pm GMT

A federal judge has ruled that law enforcement officials went too far when they tried to use evidence gathered by a known hacker to convict someone of possessing child pornography.

The decision, handed down earlier this month, is believed to be the first to say that hacking into an Internet-connected home PC without a warrant violates the Fourth Amendment, which prohibits unreasonable searches and seizures.

"This makes it clear that law enforcement needs a search warrant to do this," said Orin Kerr, an associate professor at George Washington University Law School. Kerr said the ruling was the first of its kind.

The Virginia judge suppressed evidence of child porn possession after the defendant's lawyers argued the evidence had been illegally obtained by a hacker whose methods had received approval from law enforcement officials.

The decision came out of a case in which a hacker uploaded a file to a child porn newsgroup that made it possible to track who downloaded files from the service. The uploaded file contained the SubSeven virus, which the hacker used to remotely search people's computers for porn.

The hacker then played the role of a cybervigilante, sending anonymous tips to law enforcement officials alerting them to child porn files the hacker had found on people's PCs.

In one case, the hacker tipped off officials in Alabama about a doctor in that state who had downloaded files from the newsgroup. The doctor was eventually sentenced to 17 years in prison. The hacker later contacted the same officials about a Virginia man who the hacker suspected was involved with child porn.

The Alabama officials told the FBI of the hacker's suspicions. The bureau, through the Alabama officials, encouraged the hacker to send more information. Based on that further data, U.S. attorneys and state prosecutors filed numerous charges against the Virginia man, William
Adderson Jarrett, related to creating and receiving child porn.

Jarrett pleaded guilty. However, his attorneys also argued that the FBI had violated Jarrett's Fourth Amendment rights when they retrieved the information, via the hacker, without a warrant.

The judge agreed with that assertion, ruling that the evidence could not be used in court because the FBI had approved of hacking as a means of obtaining it, a move that violates protections against unreasonable search and seizure.

"By requesting that (the hacker) send the information," the judge's ruling said, "the FBI indicated its approval of whatever methods (the hacker) had used to obtain the information."

The decision put Jarrett's guilty plea on hold.

Although U.S. prosecutors are likely to appeal the ruling, the case could be a cautionary tale for agencies that try to use hackers as an arm of law enforcement without first obtaining a warrant.

The ruling also could open the door for other defendants to use similar arguments in their cases.